Cisco FirePOWER User Agent – Use With the FirePOWER Management Console
Aug14

Cisco FirePOWER User Agent – Use With the FirePOWER Management Console

KB ID 0001179 Dtd 14/08/17 Problem FirePOWER Management Center, will give you a wealth of information on traffic/threats etc. Usually it will tell you what IP the offenders are on, but if you want to know what a USER is doing, then that means you have to look though logs see who had what IP, at what time etc. So you can install the FirePOWER User Agent on a machine, (this can be a client machine, though I usually put it on a member...

Read More
Setup RANCID and ViewVC (Part One)
Jul21

Setup RANCID and ViewVC (Part One)

KB ID 0001331 Dtd 19/07/17 Problem There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.) Then I had to do some more searching to...

Read More
Cisco ASA – DNS Doctoring
Jul03

Cisco ASA – DNS Doctoring

KB ID 0001113 Dtd 03/07/17 Problem Cisco DNS doctoring is a process that intercepts a DNS response packet as it comes back into the network, and changes the IP address in the response. Why Would you want to do this? Well lets say you have a web server on you network, and its public IP is 111.111.111.111, and on your LAN its internal IP address is 192.168.1.100, its public DNS name, (or URL) is www.yoursite.com. When a user types...

Read More
FirePOWER Agent – Real-Time Status ‘Unavailable’
Jul02

FirePOWER Agent – Real-Time Status ‘Unavailable’

KB ID 0001323 Dtd 01/07/17 Problem I was deploying a Cisco FirePOWER user agent last week, but once setup, the agent reported that the Real-Time status for SOME of the domain controllers was permanently¬†‘Unavailable’. Now I know you have to be patient with these things so I went and had a coffee. Still it refused to ‘go green’. Solution I addition to all the other rights and firewall rules that you normally...

Read More
Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication
Jun28

Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication

KB ID 0001117 Dtd¬†28/06/17 Problem Once deployed, authentication is handled by the appliances own internal user database, in larger organisations this is a little impractical. So the ability to create an Active Directory Group, and delegate access to Firesight to members of that group is a little more versatile. Solution I’m making the assumption that the appliance does not already have external authentication setup at all, so...

Read More
Cisco ASA – Gernerate RSA Keypair From ASDM
Jun27

Cisco ASA – Gernerate RSA Keypair From ASDM

KB ID 0001322 Dtd 27/06/17 Problem I’ve lost count of the number of times this has happened to me! Most of my colleagues prefer to use the ASDM for remote management, but if (like me) you work at command line, then sometimes people <ahem> forget to generate the RSA keypair when deploying a firewall. Then even if SSH access and AAA is setup correctly, you still can’t get in via SSH. Instead you see the following;...

Read More